<?php
/*******************************************************************************
*  Title: Help Desk Software HESK
*  Version: 2.2 from 9th June 2010
*  Author: Klemen Stirn
*  Website: http://www.hesk.com
********************************************************************************
*  COPYRIGHT AND TRADEMARK NOTICE
*  Copyright 2005-2010 Klemen Stirn. All Rights Reserved.
*  HESK is a registered trademark of Klemen Stirn.

*  The HESK may be used and modified free of charge by anyone
*  AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
*  By using this code you agree to indemnify Klemen Stirn from any
*  liability that might arise from its use.

*  Selling the code for this program, in part or full, without prior
*  written consent is expressly forbidden.

*  Using this code, in part or full, to create derivative work,
*  new scripts or products is expressly forbidden. Obtain permission
*  before redistributing this software over the Internet or in
*  any other medium. In all cases copyright and header must remain intact.
*  This Copyright is in full effect in any country that has International
*  Trade Agreements with the United States of America or
*  with the European Union.

*  Removing any of the copyright notices without purchasing a license
*  is expressly forbidden. To remove HESK copyright notice you must purchase
*  a license for this script. For more information on how to obtain
*  a license please visit the page below:
*  https://www.hesk.com/buy.php
*******************************************************************************/

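define('IN_SCRIPT',1);
define('HESK_PATH','./');

/* Get all the required files and functions */
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/database.inc.php');

/* Before anything else block obvious spammers trying to inject e-mail headers:
   a raw or URL-encoded CR/LF/TAB in these fields is never legitimate input.
   A field absent from the POST is treated as "" instead of raising an
   undefined-index notice (neither `name` nor `subject` is read again in this
   file; the check is kept exactly as it was). */
$pattern = "/\n|\r|\t|%0A|%0D|%08|%09/";
foreach (array('name', 'subject') as $hdrField)
{
	$hdrValue = isset($_POST[$hdrField]) ? $_POST[$hdrField] : '';
	if (preg_match($pattern, $hdrValue))
	{
		header('HTTP/1.1 403 Forbidden');
		exit();
	}
}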

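hesk_session_start();

/* Connect to database */
hesk_dbConnect();

/* Data member: the record being edited is selected by the session, never by
   the request. Nothing else in this file checks that a member is logged in, so
   a missing/empty session id is rejected here; otherwise the UPDATE below would
   run with an empty id and the confirmation e-mail would still go out to the
   posted address. (If common.inc.php already enforces login this is a no-op
   for authenticated users.) */
if (!isset($_SESSION['id_member']) || $_SESSION['id_member'] === '')
{
	header('HTTP/1.1 403 Forbidden');
	exit();
}
$id_member  = $_SESSION['id_member'];
/* Escaped like every other value that reaches a query in this file */
$sqlMember  = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."member` WHERE id_member='".hesk_dbEscape($id_member)."'");
$dataMember = hesk_dbFetchAssoc($sqlMember);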

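$hesk_error_buffer = array();

/* E-mail is validated (not merely sanitised) by the HESK helper; a failure is
   recorded through the `$x = f() or $errors[] = ...` idiom used throughout.
   Missing POST fields are passed as "" so no undefined-index notice fires. */
$tmpvar['email']	= hesk_validateEmail(isset($_POST['email']) ? $_POST['email'] : '','ERR',0) or $hesk_error_buffer[]=$hesklang['enter_valid_email'];

//required field: an empty (falsy) value after hesk_input() is an error
$requiredFields = array(
	'firstname' => 'enter_firstname',
	'lastname'  => 'enter_lastname',
	'gender'    => 'enter_gender',
	'handphone' => 'enter_handphone',
	'province'  => 'enter_province',
	'city'      => 'enter_city',
	'address'   => 'enter_address',
);
foreach ($requiredFields as $field => $langKey)
{
	$tmpvar[$field] = hesk_input(isset($_POST[$field]) ? $_POST[$field] : '') or $hesk_error_buffer[]=$hesklang[$langKey];
}

//optional field: sanitised only, never an error
foreach (array('company', 'phone', 'fax', 'website') as $field)
{
	$tmpvar[$field] = hesk_input(isset($_POST[$field]) ? $_POST[$field] : '');
}

/* Password is optional on a profile update. Both keys are initialised so the
   later reads ($passnoten, the second UPDATE) never hit an undefined index. */
$tmpvar['password'] = '';
$tmpvar['repass']   = '';
if (isset($_POST['password']) && hesk_input($_POST['password']) != "")
{
	$tmpvar['password'] = hesk_input($_POST['password']) or $hesk_error_buffer[]=$hesklang['enter_pass'];
	$tmpvar['repass']   = hesk_input(isset($_POST['repass']) ? $_POST['repass'] : '') or $hesk_error_buffer[]=$hesklang['enter_repass'];
	if ($tmpvar['password'] != $tmpvar['repass'])
	{
		$hesk_error_buffer[]=$hesklang['pass_not_match'];
	}
	else
	{
		/* NOTE(review): unsalted md5 is kept only because the login check that
		   compares against it lives outside this file; replacing it with a
		   proper password hash must be done on both sides together. */
		$tmpvar['password']=md5($tmpvar['password']);
	}
}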


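//upload picture
$allowedExtensions = array("jpg");
$fileSize  = isset($_FILES['profpic']['size']) ? (int)$_FILES['profpic']['size'] : 0;
$extension = '';   // also read by the move/crop step further down

if ($fileSize > 0)
{
    $fileName  = $_FILES['profpic']['name'];
    $fileError = isset($_FILES['profpic']['error']) ? (int)$_FILES['profpic']['error'] : UPLOAD_ERR_NO_FILE;
    $tmpName   = isset($_FILES['profpic']['tmp_name']) ? $_FILES['profpic']['tmp_name'] : '';

    // pathinfo() rather than end(explode(...)): the latter passes a temporary
    // by reference and raises a strict-standards notice.
    $extension = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));

    // The extension only reflects what the client *named* the file. Reading
    // the bytes with getimagesize() rejects a renamed non-JPEG before it is
    // moved into the web-served uploads directory and handed to square_crop().
    // The @ only hides the notice a corrupt file can trigger; the false return
    // value is what is acted on.
    $imageInfo = ($fileError === UPLOAD_ERR_OK && is_uploaded_file($tmpName))
        ? @getimagesize($tmpName)
        : false;
    $isJpeg = ($imageInfo !== false && $imageInfo[2] === IMAGETYPE_JPEG);

    // 512000 bytes is the size cap used by the original form handling
    if ($fileError > 0
            || $fileSize > 512000
            || !in_array($extension, $allowedExtensions, true)
            || !$isJpeg)
    {
        $hesk_error_buffer[] = $hesklang['error_profpic'];
    }
}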

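/* Snapshot of the password value. Because of the md5() step above this is the
   digest, not the plaintext, whenever a new password was entered — or "" when
   it was not. Guarded so a missing key does not raise a notice. */
$passnoten = isset($tmpvar['password']) ? $tmpvar['password'] : '';

/* CHECK IF EXIST EMAIL: only when the address actually changed. Uses the HESK
   query wrapper (same error handling as the other queries here) and escapes
   the value; the previous raw mysql_query() interpolated it unescaped. */
$currentEmail = (is_array($dataMember) && isset($dataMember['email'])) ? $dataMember['email'] : '';
if ($currentEmail != $tmpvar['email'])
{
	$sql = "SELECT `id_member` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."member` WHERE email='".hesk_dbEscape($tmpvar['email'])."'";
	$result = hesk_dbQuery($sql);
	$jum = mysql_num_rows($result);
	if ($jum > 0)
	{
		$hesk_error_buffer[]=$hesklang['email_exist'];
	}
}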

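/* If we have any errors lets store info in session to avoid re-typing everything */
if (count($hesk_error_buffer) != 0)
{
    /* The raw POST values (not the sanitised $tmpvar) are kept so the form can
       show exactly what was typed; a field missing from the POST becomes "". */
    $keepFields = array('email', 'firstname', 'lastname', 'gender', 'handphone',
                        'company', 'address', 'city', 'province', 'phone', 'fax', 'website');
    foreach ($keepFields as $field)
    {
        $_SESSION['c_' . $field] = isset($_POST[$field]) ? $_POST[$field] : '';
    }

    $errorList = '';
    foreach ($hesk_error_buffer as $error)
    {
        $errorList .= "<li>$error</li>\n";
    }
    $hesk_error_buffer = $hesklang['rfm'].'<br /><br /><ul>'.$errorList.'</ul>';

    /* hesk_process_messages() is expected to redirect to profile.php and stop.
       The explicit exit() is a backstop: if it ever returned, execution would
       fall through into the UPDATE below with data that failed validation. */
    hesk_process_messages($hesk_error_buffer,'profile.php');
    exit();
}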

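/* Persist the profile. Every value is escaped AND quoted: `jenis_kelamin` was
   previously interpolated unquoted, and string escaping does not protect an
   unquoted numeric position, so a crafted gender value could alter the
   statement. The id is escaped like the other values. */
$sql = "
UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."member` SET
	`nama_depan`='".hesk_dbEscape($tmpvar['firstname'])."',
	`nama_belakang`='".hesk_dbEscape($tmpvar['lastname'])."',
	`jenis_kelamin`='".hesk_dbEscape($tmpvar['gender'])."',
	`email`='".hesk_dbEscape($tmpvar['email'])."',
	`hp`='".hesk_dbEscape($tmpvar['handphone'])."',
	`perusahaan`='".hesk_dbEscape($tmpvar['company'])."',
	`alamat`='".hesk_dbEscape($tmpvar['address'])."',
	`kota`='".hesk_dbEscape($tmpvar['city'])."',
	`provinsi`='".hesk_dbEscape($tmpvar['province'])."',
	`telp`='".hesk_dbEscape($tmpvar['phone'])."',
	`fax`='".hesk_dbEscape($tmpvar['fax'])."',
	`web`='".hesk_dbEscape($tmpvar['website'])."'
WHERE
	`id_member`='".hesk_dbEscape($id_member)."'
";
$result = hesk_dbQuery($sql);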

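//upload profile picture
if ($fileSize > 0)
{
    /* $id_member comes from the session and $extension was restricted to the
       allow-list during validation, so the target file name is not chosen by
       the client. */
    $target = 'img/uploads/' . $id_member . '.' . $extension;
    $oldPic = './img/uploads/' . $dataMember['id_member'] . '.jpg';

    //delete old file if exist
    if (file_exists($oldPic))
    {
        unlink($oldPic);
    }

    /* Crop only when the move succeeded; previously square_crop() (defined in
       one of the included files, not visible here) was called on a path that
       might not exist. move_uploaded_file() itself refuses anything that was
       not uploaded via HTTP POST. */
    if (move_uploaded_file($_FILES['profpic']['tmp_name'], $target))
    {
        $absPath = $hesk_settings['server_path'] . '/img/uploads/' . $id_member . '.' . $extension;
        square_crop($absPath, $absPath);
    }
}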

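/* Password changes are a separate statement so the profile UPDATE never
   touches the column unless a new password was supplied and confirmed.
   Guarded with isset() because the key only exists when one was posted. */
if (isset($tmpvar['password']) && $tmpvar['password'] != "")
{
	/* NOTE(review): the stored value is an unsalted md5 digest (see the
	   validation step); a real password hash requires changing the login
	   comparison as well, which is outside this file. */
	$sql2 = "
UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."member` SET
	`password`='".hesk_dbEscape($tmpvar['password'])."'
WHERE
	`id_member`='".hesk_dbEscape($id_member)."'
";
	$result2 = hesk_dbQuery($sql2);
}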

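/* NOTE(review): a `$ticket` array (name / subject / trackid / category /
   priority / lastreplier / message / owner plus the custom fields) used to be
   assembled here "for later use in e-mails". None of those $tmpvar keys are
   set anywhere in this script (only the profile fields above are),
   `$trackingID` is never assigned in this file, and `$ticket` is not read
   anywhere below — it only produced undefined-index notices. Removed as a
   leftover of the ticket-submission flow. */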

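/* Format e-mail message for customer.
   Deliberately contains no password line: $tmpvar['password'] is either "" or
   the md5 digest, and mailing a credential (plaintext or digest) exposes it to
   anyone with access to the mailbox or the mail path. The "account has been
   created" wording is left untouched; it reads like the sign-up mail and may
   want rewording for a profile update. */
$msg = "
Hi ".$tmpvar['firstname'].",  

This is an automated email message.
An account has been created for you. You may now submit and view your support tickets.

Your log in details are :
Username : ".$tmpvar['email']."

Regards,
Bamboomedia Support
";

/* Send e-mail: best effort — the profile UPDATE is already committed, so a
   mail() failure is not allowed to abort the page. Recipient is the validated
   address; the subject is fixed, so no user input reaches a header here. */
$headers = "From: $hesk_settings[noreply_mail]\n";
$headers.= "Reply-to: $hesk_settings[noreply_mail]\n";
$headers.= "Return-Path: $hesk_settings[webmaster_mail]\n";
$headers.= "Content-type: text/plain; charset=".$hesklang['ENCODING'];
@mail($tmpvar['email'],"Bamboomedia Support Registration",$msg,$headers);

/* Unset temporary variables */
unset($tmpvar);
hesk_cleanSessionVars('tmpvar');

/* Print header */
require_once(HESK_PATH . 'inc/header.inc.php');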

?>
<table width="100%" border="0" cellspacing="0" cellpadding="3">
<tr>
<td><span class="smaller"><a href="<?php echo $hesk_settings['site_url'] ?>" class="smaller"><?php echo $hesk_settings['site_title'] ?></a> &gt;
<a href="<?php echo $hesk_settings['hesk_url'] ?>" class="smaller"><?php echo $hesk_settings['hesk_title'] ?></a>
&gt; <?php echo $hesklang['account_update'] ?></span></td>
</tr>
</table>

</td>
</tr>
<tr>
<td>

<p>&nbsp;</p>

<?php
/* Success banner: the "account update" heading, then the success sentence,
   each followed by a blank line. */
hesk_show_success(
    $hesklang['account_update'] . '<br /><br />'
    . $hesklang['account_update_success'] . '<br /><br />'
);
?>

<p>&nbsp;</p>

<?php
/* Footer, then stop: nothing may be emitted after it. */
require_once(HESK_PATH . 'inc/footer.inc.php');
exit();
?>
